On Updatable Redactable Signatures

Abstract

Redactable signatures allow removing parts from signed documents. State-of-the-art security models do not capture the possibility that the signer can “update” signatures, i.e., add new elements. Neglecting this, third parties can generate forgeries. Moreover, there are constructions which permit creating a signature by merging two redacted messages, if they stem from the same original. Our adjusted definition captures both possibilities. We present a provably secure construction in the standard model, which makes use of a novel trapdoor-accumulator.